Trending Projects

A C# tool for discovering and exploiting SQL injection vulnerabilities across various databases.

A network reconnaissance and asset discovery tool written in Go for security professionals.

A DNS rebinding attack framework written in JavaScript for security research and testing.

Suricata IDS rules to detect red team and malicious behavior like CobaltStrike, MSF, Empire, etc.

Implements the CobaltStrike Beacon in Go for security research and reverse engineering purposes.

LSTAR is a comprehensive post-exploitation plugin for CobaltStrike, a popular penetration testing framework.

Automated Red Team Infrastructure deployment using Docker for penetration testing and security research.

A utility for detecting phishing domains targeting Web3 users, built with TypeScript.

This repository covers code execution and AV evasion methods for macros in Office documents.

A refactored and improved password spraying tool that uses FireProx APIs to stay anonymous and beat throttling.

This Arduino project exploits the trust of USB devices to install a cross-platform backdoor and reroute DNS.

An OSINT tool that helps find email addresses and potential credential leaks from social media profiles.

A Python-based syscall shellcode loader, a work-in-progress security research project.

A DNS enumeration tool that can be used for network reconnaissance and security testing.

A CLI tool for open source and threat intelligence, focused on providing a comprehensive OSINT framework.

A mobile tool for Android, iOS, and HarmonyOS developers focused on app analysis, vulnerability discovery, and penetration testing.

PowerShell framework to assess Azure security for Windows and Linux systems

An OSINT tool for finding profiles by username, useful for security research and information gathering.

A collection of security engineer interview questions from Glassdoor.com for job preparation.

A DNS client that supports various encryption and anonymization protocols to bypass censorship and protect privacy.

A Shell script that can be used to take target's webcam shots through a link.

This repository contains a zero-day code injection and persistence technique in C, but it is not focused on AI tools for developers.

A deprecated client for the Privacy Pass protocol, providing unlinkable cryptographic tokens for browser extensions.

A collection of Docker images for network intrusion and penetration testing tools.

Curated penetration testing & ethical hacking tools organized by category for security professionals.

A toolkit for creating various payloads, powershell attacks, and launching listeners for Human Interface Devices (Teensy).

A set of process injection techniques for Windows Thread Pools, primarily for security research purposes.

A Python tool to generate unicode domains for IDN Homograph Attack and detect them.

A decentralized VPN written in Go that provides secure, privacy-preserving internet access.

A curated, well-maintained hostfile to block ads, tracking, cryptomining, and more for better privacy and performance.

Reverse-engineering tool for account pooling with load balancing, auto-refresh, caching & proxy support

This is a comprehensive network security tool for professionals and enthusiasts, featuring decryption, analysis, scanning, and traceability.

Advanced Wazuh rules for more accurate threat detection in your Wazuh environment.

A set of tools for detecting and preventing cloud storage data leaks across major cloud providers.

Secator is a powerful security and pentesting tool that provides a comprehensive set of automation and reconnaissance capabilities.

A PowerShell module for conducting security audits on Microsoft 365, Azure, and Azure AD resources.

A fast and powerful steganography cracking tool for security researchers and CTF participants.

This is a penetration testing framework written in Python for security professionals.

A curated list of amazing Homomorphic Encryption libraries, software and resources for developers.

A Python-based tool for batch URL collection and vulnerability scanning, useful for security research and penetration testing.

A Java deserialization exploit framework for penetration testing and security research.

OSINT tool for email/username enumeration across platforms. Security research & investigation focused.

This GitHub repository contains a collection of security-related resources for developers.

A passive Burp Suite plugin for detecting FastJson vulnerabilities.

A repository for learning and documenting internal network penetration testing (domain penetration).

A Java library that unpacks malicious backdoors and exploits used by the Chinese e-commerce company Pinduoduo.

A Python library for implementing cryptographic attacks and utilities for security research and CTF challenges.

A Python script that automatically cracks Jinja2 SSTI vulnerabilities to bypass WAF, designed for CTF challenges.

Websploit is a high-level MITM (Man-in-the-Middle) framework written in Python for network penetration testing.

Encrypted digital estate planning tool—securely store secrets & plans for worst-case scenarios